US20120008784A1 - Delegated Key Exchange System and Method of Operation - Google Patents

Delegated Key Exchange System and Method of Operation Download PDF

Info

Publication number
US20120008784A1
US20120008784A1 US13/166,762 US201113166762A US2012008784A1 US 20120008784 A1 US20120008784 A1 US 20120008784A1 US 201113166762 A US201113166762 A US 201113166762A US 2012008784 A1 US2012008784 A1 US 2012008784A1
Authority
US
United States
Prior art keywords
party
value
key
function
cryptographic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US13/166,762
Inventor
Phillip Martin Hallam-Baker
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to US13/166,762 priority Critical patent/US20120008784A1/en
Publication of US20120008784A1 publication Critical patent/US20120008784A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics

Definitions

  • the present invention is in the technical field of cryptographic protocols for exchange of cryptographic keys.
  • Cryptography permits strong guarantees to be provided with respect to the confidentiality, authenticity and integrity of communications. Providing such guarantees is of increasing importance in the field of automated control systems employing low cost, low performance devices.
  • the security of a cryptographic protocol invariably depends on the security of the cryptographic keys used to encrypt and authenticate protocol messages. There is thus a need for cryptographic protocols to exchange and establish such keys without the risk of disclosure or interference by a possible attacker. Such protocols are known as key exchange.
  • the form of key exchange typically preferred in a modern communication protocol employs the form of cryptography known as public key cryptography using techniques such as those taught by Diffie et. al. and Rivest et al.
  • the core strength of these algorithms is the separation of the keys used to sign and decrypt messages from those used to verify and encrypt messages.
  • Public key cryptography offers considerable benefits to the protocol designer but requires significant computational resources to perform the necessary calculations with a key size sufficiently large to provide an acceptable degree of security. For this reason and others, cryptographic protocols almost invariably employ a mixture of public key and traditional techniques known as ‘symmetric key cryptography’.
  • Symmetric key cryptography alone has proved to be sufficient to support many large scale applications involving only two parties and where one of the parties is the provider of the authentication device.
  • SIM Subscriber Identity Modules
  • protocols used to support such devices employ symmetric key cryptography as the basis for an authentication service, their purpose is to identify the device in which it is installed to the issuer alone.
  • the protocols developed are thus essentially two party protocols designed to allow a secure communication between the issuer of the device and the holder of the device.
  • trusted third parties must limit their exposure to claims of liability, including unfounded claims. This in turn requires trusted third parties employ protocols and procedures that limit or eliminate their ability to commit a breach. Hitherto such protocols have required that all devices involved in the protocol perform public key cryptography operations.
  • ECC Elliptic Curve Cryptography
  • a variation of this approach is to provide the device with special purpose hardware optimized for functions commonly used in cryptographic operations such as modular exponentiation. This approach is undesirable as it requires a significant increase in device complexity and the additional circuitry will be present in the device and drawing power for the lifetime of the device even though it will only actually be used on very rare occasions.
  • Another approach is to use symmetric key cryptography using a shared key that is configured into the device during deployment. This approach offers high security when done correctly but requires a significant commitment of effort and expertise.
  • the present invention is a means of performing a secure cryptographic key exchange between a host and a device mediated by a service such that the device is not required to perform public key operations but the established key is nevertheless not disclosed to the service.
  • FIG. 1 shows an example application of the present invention in the field of home automation
  • FIG. 2 shows the relationship between the communicating parties in the present invention
  • FIG. 3 shows an example protocol exchange employing the present invention
  • a device is initialized with a unique device identifier (ID) and device key (K D ) during manufacture.
  • ID unique device identifier
  • K D device key
  • the device key should conform to all the requirements for use as a cryptographic key and the mode of distribution should ensure that at the end of the manufacturing process the device key is only stored in the device to which it is issued and the delegate key exchange service.
  • the protocol described allows a device that has a pre-established ID, K D pair with a delegate key exchange service ‘service’ to establish a shared secret K DH with a host computer, such that:
  • the trust guarantees offered to the parties may be further increased by use of mechanisms that ensure that the device keys are at all times protected by trustworthy, auditable hardware.
  • the end user of the Device and Host might opt to further control their degree of risk by re-initializing devices previously configured for use with a Service of their own choice, typically one that is under their direct control.
  • FIG. 1 shows an example of the protocol being employed in a home automation application.
  • Homeowner Alice ( 2 ) wishes electrician Bob ( 1 ) to deploy a home automation system in her house so that she can turn the lights ( 10 , 11 ) on and off in the television room without getting up from her chair.
  • the home automation system ( 12 ) must not require additional wiring to be laid and control signals must therefore be passed either wirelessly or through the power line. While existing products meet this specific need, their lack of security means that the lights in Alice's house could be accidentally activated by Carol living next door or deliberately and maliciously by attacker Mallet ( 3 ).
  • An approach using public key cryptography as the device authentication means would require each device controller to have the ability to perform public key cryptography operations and thus be more expensive.
  • An approach using symmetric key cryptography alone would require Alice and Bob to either engage in complex key management operations or to accept disclosure of their cryptographic keys to a third party.
  • the delegate key exchange scheme allows Bob to install the home automation devices with minimal changes to his working practices.
  • the device is wired in precisely the same way as a traditional power socket or light switch.
  • Each device is marked with a unique identifier (for example, a serial number).
  • Bob makes a note of each identifier (for example, by using a barcode reader or writing it down) and enters them into the home automation controller system which contacts the Delegate Key Exchange Service ( 13 ) on his behalf to complete the key exchange. From this point on the configuration and initialization of the device is automatic.
  • Delegated Key Exchange may be employed in other forms of control system application, including industrial plant control, industrial plant automation, robotics and automotive vehicles.
  • Delegated Key Exchange may be employed in the context of a card or token based authentication schemes.
  • the authentication token (for example an ISO/IEC 7810 compliant smartcard) is initialized with a symmetric keypair during manufacture. On deployment the card is initialized with a site specific symmetric keypair by means of the Delegated Key Exchange protocol.
  • the protocol consists of four messages of which the last three contain the cryptographic elements.
  • the protocol configuration is shown in FIG. 2 .
  • a timing diagram for the protocol is given in FIG. 3 .
  • the parties to the protocol are a Device ( 101 ), a Host ( 101 ) and a Service ( 102 ).
  • Communication between the Device and Host would be achieved using whatever physical and messaging protocols are supported by the device.
  • RS 485 in combination with MODBUS or DNP3.
  • the security of the protocol does not depend on the communication between the Device and Host being protected against non-disclosure. Indeed it is assumed that the lack of such protection is the problem that the invention is deployed to solve.
  • Communication between the Host and Service ( 202 ) must be protected to prevent disclosure. This may be achieved using a secure tunnel protocol such as SSL/TLS or IPSEC.
  • the cryptographic elements are directly protected using the public key of the Host and Server.
  • the communication between the Host and Service are secured by a session key established out of band.
  • the protocol employs a Message Authentication Code function M (c, k) where c is the content and k the key.
  • M Message Authentication Code function
  • HMAC-SHA2 HMAC-SHA2
  • the protocol also employs a cryptographic digest function M(c) where c is the content.
  • a cryptographic digest function M(c) where c is the content.
  • SHA-2 may be used.
  • the protocol does not require that the combination of the data items be achieved through concatenation or that they be presented in a particular order, only that the combination function and the order chosen be consistent. Equivalent embodiments of the protocol may be devised by altering the order in which the data elements are combined, the combination function and/or the cryptographic algorithms.
  • the protocol requires nonce values (n H1 , n H2 , n S ) to be generated by the Host and Service.
  • Nonce values may be generated through a wide variety of equivalent means.
  • a cryptographically qualified random data source may be used.
  • a pseudo-random sequence may be used.
  • the Device In the first step of the protocol the Device communicates its unique identifier to the Host.
  • the Device to Host message may be performed out of band, either as part of a prior network communication (e.g. network address acquisition) or even a communication with the device supplier prior to the physical device itself being acquired.
  • the Host communicates the values ID and n H1 to the Service where n H1 is a nonce value.
  • the Service determines if it holds a corresponding key value. If not, an error is reported and the protocol stops. If required, the Host may perform access control operations at this point, dependent on the credentials presented by the Host.
  • the protocol makes use of a context value C.
  • the value C is simply the device identifier ID.
  • the value C is calculated from the cryptographic credentials used to secure the communication between the Host and Service.
  • the Service now generates a nonce value n S and calculates the values t H1 and m as follows:
  • the Service communicates the values n S and m to the Host.
  • the Service should delete all copies of the values n H1 and m after the message has been sent to the host. If this form of attack is not a concern, it is not necessary to calculate t H1 and the value n H1 may be used in its place to calculate m.
  • the Host now generates a nonce value n H2 and calculates the value K DH as follows:
  • the Service now completes the protocol by communicating the values t H1 , n H2 and n S to the Device.
  • the Device may now calculate the value K DH using the same formula as the Host.
  • Additional protections may be provided with only a modest increase in computational cost by modifying the choice of context value C so that it is dependent on the cryptographic credentials used to authenticate the server and extending the Host to Device communication to provide the Device with sufficient information to determine C.
  • a realization of the protocol may require the value C to be determined as:
  • the Server will only use values of C created from authentic credentials C S , the protocol is protected against a man-in-the-middle attack.
  • the value C may be made dependent on any set of data values that are to be securely bound to the established cryptographic key. For example, the time the request is made, or the identity of the party making the request.
  • the same principle may be applied to communication between the Device and Host to achieve attestation of any properties of the Device and/or the Host.
  • the host For example, a common requirement is for the host to be able to determine which firmware, application code or configuration data is in use in the device.
  • the value D might be calculated as:
  • MAC Message Authentication Code
  • the Host it is desirable for the Host to have the ability to select the shared secret key. For example to enable the use of keys generated from the device identifier or other identifier by means of a master secret key.
  • This capability may be added to the protocol by encrypting the desired shared secret under the value K DH and including the result in the final message from the Host to the Device.
  • a party with serious security concerns might choose to further limit reliance on one specific Delegated Key Exchange Service by employing multiple services.
  • a shared key established through a key exchange employing one Service is used to encrypt communication between the Device and Host in a second key exchange employing the second service.
  • the Device and Host establish multiple shared keys through key exchanges with the independent Services and the final key is created by means of a combination function on the set of shared keys.
  • the protocol as described allows a constrained Device to establish a session key with a Host that is not constrained in processing resources.
  • the protocol may be generalized to allow a session key to be established between two constrained devices.
  • One method of establishing a session key between two constrained devices is for the Host to perform an independent key establishment operation with each constrained device and then issue a session key to the constrained devices.
  • This mode of use may be regarded as a combination of the present invention with a Needham-Schroeder key distribution mechanism with the Host performing the role of the key distribution center.
  • Another method of establishing a session key is for the constrained devices to interact directly. Numerous equivalent variations of this approach are possible.
  • the value K DH may be used to authenticate a lightweight Diffie-Helleman key exchange following completion of the delegated exchange protocol.
  • Device Identifier and Device Key are logically independent, manufacturing efficiencies may be realized by employing techniques which allow the shared secret to be derived from the device identifier by means of a cryptographic operation and a secret key.
  • K DH E (ID, k 1 )
  • K DH MAC (ID, k 2 )
  • the scope of use for the secret keys should be minimized to limit exposure in case a compromise does occur. For example a machine testing and configuring a million devices a week might be required to change encryption keys every 10,000 devices so that a compromise such as the theft of the configuration device would in the worst case require the replacement of the devices initialized using the last encryption key rather than every device ever configured by that machine.
  • the basic key exchange protocol may be used to benefit a wide range of applications.
  • a key problem in manufacture of electronic devices is how to program each device with a unique identity code. Mass production techniques are optimized for the production of devices that are precisely the same. Programming of cryptographic keys offers a challenge that is harder still, not only is the data to be unique, the data must not be disclosed to any unauthorized party.
  • an interchangeable identity module would contain a CPU, memory and communication means packaged in an interchangeable package format such as a dual-in-line (DIL) socket or SIM format.
  • DIL dual-in-line
  • SIM SIM format.
  • Such a device may employ a standardized interface protocol such as Serial Peripheral Interface Bus or Inter-Integrated Circuit (I 2 C)bus for communication.
  • I 2 C Inter-Integrated Circuit
  • an end-user wishes to employ a commercial off-the-shelf device manufactured for use in applications requiring a normal degree of trustworthiness for an application requiring a higher degree of trust they can do so by replacing the interchangeable identity module provided by the supplier with a different one from a trusted provider. If the highest level of assurance is required, a low cost generic Interchangeable Identity Module may be replaced with one produced in a trusted facility and additionally capable of supporting public key operations, thus enabling use of a key exchange supporting perfect forward secrecy.
  • Interchangeable Identity Modules provide another important advantage when equipment is being decommissioned. Removal and destruction of the Interchangeable Identity Module assures the end user that the ability of the device to access their network has been completely eliminated.
  • the present invention may be used as the basis of an improved wireless identification device also known as a Radio Frequency Identification Device (RFID).
  • RFID Radio Frequency Identification Device
  • the present invention allows a low cost RFID token without public key capability to be cryptographically ‘tied’ to a specific zone of trust and to perform secure communications within that zone of trust without the risk of compromise by the token manufacturer or registry service provider.
  • the present invention may be used as the basis of a theft prevention system in which the device refuses to perform part or all of its function unless the device is provided with periodic proof of possession of a shared key established through use of the protocol.
  • an LED light bulb is configured with a device key during manufacture.
  • the end user performs the protocol previously described (or a variant thereof) to establish a shared secret key K DH .
  • the Service is advised that all requests for re-key operations for that device are to be refused except by express permission of that end user.
  • the device is then instructed to refuse requests to provide illumination unless that request is authenticated by means of the shared secret key K DH .
  • the present invention may be applied to prevent theft of all manner of electronic devices that require access to a computer network for at least a part of their function or are composed of multiple interchangeable components.
  • Such devices include lenses and accessories for photographic and video systems, automotive accessories as car radios and mobile telephones.

Abstract

A cryptographic key exchange protocol that enables a device that does not have the capability to perform public key operations to securely establish a shared key with a host device without any information disclosing the key being revealed to the delegate key service.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application claims the benefit of U.S. Provisional Application No. 61/362,457, filed on 8th Jul. 2010 under 35 U.S.C. 119(e), the entire contents of which are incorporated by reference.
    • STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT
  • Not Applicable
    • REFERENCE TO SEQUENCE LISTING, A TABLE, OR A COMPUTER PROGRAM LISTING COMPACT DISK APPENDIX
  • Not Applicable
    • FIELD OF THE INVENTION
  • The present invention is in the technical field of information security
  • More particularly, the present invention is in the technical field of cryptographic protocols for exchange of cryptographic keys.
    • BACKGROUND
  • Cryptography permits strong guarantees to be provided with respect to the confidentiality, authenticity and integrity of communications. Providing such guarantees is of increasing importance in the field of automated control systems employing low cost, low performance devices.
  • The security of a cryptographic protocol invariably depends on the security of the cryptographic keys used to encrypt and authenticate protocol messages. There is thus a need for cryptographic protocols to exchange and establish such keys without the risk of disclosure or interference by a possible attacker. Such protocols are known as key exchange.
  • The form of key exchange typically preferred in a modern communication protocol employs the form of cryptography known as public key cryptography using techniques such as those taught by Diffie et. al. and Rivest et al. The core strength of these algorithms is the separation of the keys used to sign and decrypt messages from those used to verify and encrypt messages.
  • Public key cryptography offers considerable benefits to the protocol designer but requires significant computational resources to perform the necessary calculations with a key size sufficiently large to provide an acceptable degree of security. For this reason and others, cryptographic protocols almost invariably employ a mixture of public key and traditional techniques known as ‘symmetric key cryptography’.
  • The exponential improvement in computing performance since the discovery of public key cryptography has led many to assume that the processing demands of using public key cryptography will become less significant over time as low performance computers are replaced with faster ones.
  • While this assumption has indeed proved true of computers intended for personal use and for larger machines, it is not true of embedded computer systems where the prime consideration is cost. The same fabrication and design improvements that have made it possible to make high performance computers even faster have also made it possible to make low performance computers cheaper, thus enabling their use in an increasing number of applications. Embedded computer systems are now ubiquitous in electronic and electrical devices including children's toys, household appliances, vehicles and industrial control equipment. As a result the number of low performance computers has actually increased exponentially over time rather than decreasing.
  • Symmetric key cryptography alone has proved to be sufficient to support many large scale applications involving only two parties and where one of the parties is the provider of the authentication device. For example: ‘Subscriber Identity Modules’ (SIM) and equivalents in mobile telephones and subscriber identification cards used in satellite broadcasting.
  • While the protocols used to support such devices employ symmetric key cryptography as the basis for an authentication service, their purpose is to identify the device in which it is installed to the issuer alone. The protocols developed are thus essentially two party protocols designed to allow a secure communication between the issuer of the device and the holder of the device.
  • While such protocols could in theory enable communication between arbitrary communicating parties, doing so requires that the issuer be at least a potential intermediary in every such communication. The issuer of the device has all the information available to the device itself and is thus capable of impersonating the device in any context in which it is used.
  • In the general case the ability to perform such impersonation is highly undesirable both to the end user and the issuer of the device since it is an implicit third party in any communication purpose for which the device is employed.
  • Any party offering trusted third party services must limit their exposure to claims of liability, including unfounded claims. This in turn requires trusted third parties employ protocols and procedures that limit or eliminate their ability to commit a breach. Hitherto such protocols have required that all devices involved in the protocol perform public key cryptography operations.
  • There is thus a need for a cryptographic protocol that permits a low performance computing device to interact with networks and protocols while enabling the use of third party provided authentication services.
  • One approach to meeting this requirement is the use of a form of public key cryptography that places a lower computational burden on the endpoint device. For example certain variants of public key cryptography known as Elliptic Curve Cryptography (ECC) can offer an order of magnitude improvement in performance under certain conditions. While this is a useful improvement in some situations it is not a sufficient improvement to make implementation possible on the lowest performance devices.
  • A variation of this approach is to provide the device with special purpose hardware optimized for functions commonly used in cryptographic operations such as modular exponentiation. This approach is undesirable as it requires a significant increase in device complexity and the additional circuitry will be present in the device and drawing power for the lifetime of the device even though it will only actually be used on very rare occasions.
  • Another approach is to use symmetric key cryptography using a shared key that is configured into the device during deployment. This approach offers high security when done correctly but requires a significant commitment of effort and expertise.
  • Yet another approach that has been employed in the deployment of one-time-use authentication tokens such as that taught by Weiss is to install a secret into the device during manufacture and communicate the value of the secret to the end-customer by some out of band means.
  • While this approach is in use today in the field of authentication tokens it is deeply unsatisfactory as a general purpose key distribution scheme as the security of the scheme depends on the manufacturer maintaining the confidentiality of the embedded secret. This deficiency in the protocol poses a significant risk to the ultimate customer but an even greater risk to the manufacturer since it is required to act as a trusted third party.
    • SUMMARY OF THE INVENTION
  • The present invention is a means of performing a secure cryptographic key exchange between a host and a device mediated by a service such that the device is not required to perform public key operations but the established key is nevertheless not disclosed to the service.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 shows an example application of the present invention in the field of home automation;
  • FIG. 2 shows the relationship between the communicating parties in the present invention; and
  • FIG. 3 shows an example protocol exchange employing the present invention;
    •  DETAILED DESCRIPTION OF THE INVENTION
  • In one embodiment, a device is initialized with a unique device identifier (ID) and device key (KD) during manufacture. The device key should conform to all the requirements for use as a cryptographic key and the mode of distribution should ensure that at the end of the manufacturing process the device key is only stored in the device to which it is issued and the delegate key exchange service.
  • The protocol described allows a device that has a pre-established ID, KD pair with a delegate key exchange service ‘service’ to establish a shared secret KDH with a host computer, such that:
      • The Service cannot determine the value KDH unless it also has access to both the original request made to the Service and the communication between the Device and the Host.
      • It is not possible to recover the value KDH from knowledge of the communication between the Device and Host alone.
      • Any modification of the messages passing between the Device and the Host that would affect the value of KDH calculated would result in the Device and Host arriving at different values of KDH and the exchange would fail in a testable manner.
  • If the Service is operated in strict compliance with the requirements of the protocol, it is not possible for the Service to recover the value KDH after the key establishment has been completed unless it has also previously observed the communication between the Device and the Host.
  • The trust guarantees offered to the parties may be further increased by use of mechanisms that ensure that the device keys are at all times protected by trustworthy, auditable hardware.
  • In an alternative embodiment the end user of the Device and Host might opt to further control their degree of risk by re-initializing devices previously configured for use with a Service of their own choice, typically one that is under their direct control.
    • Application: Home Automation
  • FIG. 1 shows an example of the protocol being employed in a home automation application.
  • Homeowner Alice (2) wishes electrician Bob (1) to deploy a home automation system in her house so that she can turn the lights (10, 11) on and off in the television room without getting up from her chair. For reasons of cost the home automation system (12) must not require additional wiring to be laid and control signals must therefore be passed either wirelessly or through the power line. While existing products meet this specific need, their lack of security means that the lights in Alice's house could be accidentally activated by Carol living next door or deliberately and maliciously by attacker Mallet (3).
  • An approach using public key cryptography as the device authentication means would require each device controller to have the ability to perform public key cryptography operations and thus be more expensive. An approach using symmetric key cryptography alone would require Alice and Bob to either engage in complex key management operations or to accept disclosure of their cryptographic keys to a third party.
  • The delegate key exchange scheme allows Bob to install the home automation devices with minimal changes to his working practices. The device is wired in precisely the same way as a traditional power socket or light switch. Each device is marked with a unique identifier (for example, a serial number). Bob makes a note of each identifier (for example, by using a barcode reader or writing it down) and enters them into the home automation controller system which contacts the Delegate Key Exchange Service (13) on his behalf to complete the key exchange. From this point on the configuration and initialization of the device is automatic.
    • Application: Control System Deployment
  • Delegated Key Exchange may be employed in other forms of control system application, including industrial plant control, industrial plant automation, robotics and automotive vehicles.
    • Application: Authentication Token
  • Delegated Key Exchange may be employed in the context of a card or token based authentication schemes.
  • The authentication token (for example an ISO/IEC 7810 compliant smartcard) is initialized with a symmetric keypair during manufacture. On deployment the card is initialized with a site specific symmetric keypair by means of the Delegated Key Exchange protocol.
    • Protocol
  • The protocol consists of four messages of which the last three contain the cryptographic elements. The protocol configuration is shown in FIG. 2. A timing diagram for the protocol is given in FIG. 3.
  • The parties to the protocol are a Device (101), a Host (101) and a Service (102).
  • Communication between the Device and Host (201) would be achieved using whatever physical and messaging protocols are supported by the device. For example RS 485 in combination with MODBUS or DNP3. The security of the protocol does not depend on the communication between the Device and Host being protected against non-disclosure. Indeed it is assumed that the lack of such protection is the problem that the invention is deployed to solve.
  • Communication between the Host and Service (202) must be protected to prevent disclosure. This may be achieved using a secure tunnel protocol such as SSL/TLS or IPSEC. In an alternative embodiment the cryptographic elements are directly protected using the public key of the Host and Server. In yet another alternative embodiment, the communication between the Host and Service are secured by a session key established out of band.
    • Cryptographic Operations
  • The protocol employs a Message Authentication Code function M (c, k) where c is the content and k the key. For example HMAC-SHA2 may be used.
  • The protocol also employs a cryptographic digest function M(c) where c is the content. For example, SHA-2 may be used.
  • Concatenation of content data values is represented using the +operator.
  • The protocol does not require that the combination of the data items be achieved through concatenation or that they be presented in a particular order, only that the combination function and the order chosen be consistent. Equivalent embodiments of the protocol may be devised by altering the order in which the data elements are combined, the combination function and/or the cryptographic algorithms.
  • The protocol requires nonce values (nH1, nH2, nS) to be generated by the Host and Service.
  • Nonce values may be generated through a wide variety of equivalent means. A cryptographically qualified random data source may be used. In an alternative embodiment a pseudo-random sequence may be used.
    • Initial Conditions
  • At the start of the protocol the values ID and KDM are known to both the Device and the Service. They should not be disclosed to any other party, nor should any other party keep a record of them.
    • Device to Host
  • In the first step of the protocol the Device communicates its unique identifier to the Host.
  • Since this is the only information the Host requires to initiate the protocol, the Device to Host message may be performed out of band, either as part of a prior network communication (e.g. network address acquisition) or even a communication with the device supplier prior to the physical device itself being acquired.
  • Although the protocol intentionally avoids the use of a device nonce, such a nonce could be introduced in an equivalent variation.
    • Host to Service
  • The Host communicates the values ID and nH1 to the Service where nH1 is a nonce value.
    • Service to Host
  • On receiving the request from the Host, the Service determines if it holds a corresponding key value. If not, an error is reported and the protocol stops. If required, the Host may perform access control operations at this point, dependent on the credentials presented by the Host.
  • The protocol makes use of a context value C. In the simple version of the protocol the value C is simply the device identifier ID. In the advanced form of the protocol the value C is calculated from the cryptographic credentials used to secure the communication between the Host and Service.
  • The Service now generates a nonce value nS and calculates the values tH1 and m as follows:

  • t H1 =H(n H1)

  • m=M(C+t H1 +n S ,K)
  • The Service communicates the values nS and m to the Host.
  • In order to preclude the possibility of future collusion in an attack, the Service should delete all copies of the values nH1 and m after the message has been sent to the host. If this form of attack is not a concern, it is not necessary to calculate tH1 and the value nH1 may be used in its place to calculate m.
    • Host to Device
  • The Host now generates a nonce value nH2 and calculates the value KDH as follows:

  • K DH =M(n H2 ,m)
  • The Service now completes the protocol by communicating the values tH1, nH2 and nS to the Device.
  • The Device may now calculate the value KDH using the same formula as the Host.
    • Alternative Protocol
  • Additional protections may be provided with only a modest increase in computational cost by modifying the choice of context value C so that it is dependent on the cryptographic credentials used to authenticate the server and extending the Host to Device communication to provide the Device with sufficient information to determine C.
  • For example, if the Server credential is CS, a realization of the protocol may require the value C to be determined as:

  • C=ID+C S
  • Provided the Server will only use values of C created from authentic credentials CS, the protocol is protected against a man-in-the-middle attack.
  • In practice a preferable derivation is the form C=H(ID+CS) since this ensures that the size of the message to the Device is independent of the size of the credential.
  • The value C may be made dependent on any set of data values that are to be securely bound to the established cryptographic key. For example, the time the request is made, or the identity of the party making the request.
  • The same principle may be applied to communication between the Device and Host to achieve attestation of any properties of the Device and/or the Host.
  • In this configuration the value KDH is calculated as:

  • K DH =M(D,m)
  • Where the value D is dependent on the parameters to be verified. Such parameters much of course be available to both the Device and the Host through in-band or out-of band communication.
  • For example, a common requirement is for the host to be able to determine which firmware, application code or configuration data is in use in the device. In this instance the value D might be calculated as:

  • D=H(n H2 +H(f)) where f is the firmware image
    • Equivalent Embodiments
  • While the foregoing written description enables a practitioner of ordinary skill in the art to make and use one instance of the protocol, those of ordinary skill will understand and appreciate the existence of variations and equivalents of this specific embodiment, method and examples described.
  • In particular;
    • Equivalent Cryptographic Functions
  • In the described embodiment of the protocol a Message Authentication Code (MAC) function is used to perform a one-way function under control of a key. In an equivalent implementation a simple one-way function over the content concatenated with or otherwise modified by the key may be employed.
  • Where use of a cryptographic digest function is specified, an equivalent implementation may be replaced with a MAC function combined with any choice of key.
    • Wrapped Key
  • In some situations it is desirable for the Host to have the ability to select the shared secret key. For example to enable the use of keys generated from the device identifier or other identifier by means of a master secret key.
  • This capability may be added to the protocol by encrypting the desired shared secret under the value KDH and including the result in the final message from the Host to the Device.
    • Multiple Services
  • A party with serious security concerns might choose to further limit reliance on one specific Delegated Key Exchange Service by employing multiple services.
  • In one instance of this variation, a shared key established through a key exchange employing one Service is used to encrypt communication between the Device and Host in a second key exchange employing the second service.
  • In an alternative instance of this variation, the Device and Host establish multiple shared keys through key exchanges with the independent Services and the final key is created by means of a combination function on the set of shared keys. For example the shared key KDH might be formed from KDH1, KDH2 as KDH=KDH1 XOR KDH2 or KDH=H (KDH1+KDH2)5 or any equivalent combination with the necessary cryptographic properties.
    • Multiple Constrained Devices
  • The protocol as described allows a constrained Device to establish a session key with a Host that is not constrained in processing resources. The protocol may be generalized to allow a session key to be established between two constrained devices.
  • One method of establishing a session key between two constrained devices is for the Host to perform an independent key establishment operation with each constrained device and then issue a session key to the constrained devices. This mode of use may be regarded as a combination of the present invention with a Needham-Schroeder key distribution mechanism with the Host performing the role of the key distribution center.
  • Another method of establishing a session key is for the constrained devices to interact directly. Numerous equivalent variations of this approach are possible.
    • Public Key Exchange
  • In the case where it is desirable for no party other than the Host and Service to have any possibility of calculating the established session key, the value KDH may be used to authenticate a lightweight Diffie-Helleman key exchange following completion of the delegated exchange protocol.
    • Derived Key
  • While the Device Identifier and Device Key are logically independent, manufacturing efficiencies may be realized by employing techniques which allow the shared secret to be derived from the device identifier by means of a cryptographic operation and a secret key.
  • For example the Device Key may be derived as KDH=E (ID, k1) or KDH=MAC (ID, k2) where k1 and k2 are secret keys known only at the point of manufacture and the registry. Use of such cryptographic techniques enables communication between the manufacturer and the registry to be minimized, a key requirement in very high volume manufacturing operations.
  • Ideally the scope of use for the secret keys should be minimized to limit exposure in case a compromise does occur. For example a machine testing and configuring a million devices a week might be required to change encryption keys every 10,000 devices so that a compromise such as the theft of the configuration device would in the worst case require the replacement of the devices initialized using the last encryption key rather than every device ever configured by that machine.
    • Extended Applications
  • The basic key exchange protocol may be used to benefit a wide range of applications.
    • Interchangeable Identity Module
  • A key problem in manufacture of electronic devices is how to program each device with a unique identity code. Mass production techniques are optimized for the production of devices that are precisely the same. Programming of cryptographic keys offers a challenge that is harder still, not only is the data to be unique, the data must not be disclosed to any unauthorized party.
  • Meeting such constraints in the general purpose supply chain is time consuming and costly relative to the cost of the devices themselves. If the key is to be considered trustworthy, the key must be installed in a manufacturing facility that is accredited as trustworthy.
  • Implementation of the present invention in a separate, single purpose identity module allows both of these considerations to be met at very little cost. Instead of having to manufacture and customize the whole device in a trustworthy facility, only the interchangeable identity module need be so produced.
  • One form of such an interchangeable identity module would contain a CPU, memory and communication means packaged in an interchangeable package format such as a dual-in-line (DIL) socket or SIM format. Such a device may employ a standardized interface protocol such as Serial Peripheral Interface Bus or Inter-Integrated Circuit (I2C)bus for communication.
  • If an end-user wishes to employ a commercial off-the-shelf device manufactured for use in applications requiring a normal degree of trustworthiness for an application requiring a higher degree of trust they can do so by replacing the interchangeable identity module provided by the supplier with a different one from a trusted provider. If the highest level of assurance is required, a low cost generic Interchangeable Identity Module may be replaced with one produced in a trusted facility and additionally capable of supporting public key operations, thus enabling use of a key exchange supporting perfect forward secrecy.
  • Use of Interchangeable Identity Modules provide another important advantage when equipment is being decommissioned. Removal and destruction of the Interchangeable Identity Module assures the end user that the ability of the device to access their network has been completely eliminated.
    • Wireless Identity Module
  • The present invention may be used as the basis of an improved wireless identification device also known as a Radio Frequency Identification Device (RFID).
  • Currently existing RFID tags are vulnerable to compromise at the registry unless higher cost, Public Key based authentication techniques are employed.
  • The present invention allows a low cost RFID token without public key capability to be cryptographically ‘tied’ to a specific zone of trust and to perform secure communications within that zone of trust without the risk of compromise by the token manufacturer or registry service provider.
    • Theft Deterrence
  • The present invention may be used as the basis of a theft prevention system in which the device refuses to perform part or all of its function unless the device is provided with periodic proof of possession of a shared key established through use of the protocol.
  • For example, an LED light bulb is configured with a device key during manufacture. On deployment the end user performs the protocol previously described (or a variant thereof) to establish a shared secret key KDH. At this point the Service is advised that all requests for re-key operations for that device are to be refused except by express permission of that end user. The device is then instructed to refuse requests to provide illumination unless that request is authenticated by means of the shared secret key KDH.
  • While such a device is still vulnerable to theft, there is no advantage to a thief in doing so as the device can only be used by an end-user with knowledge of the shared secret key KDH.
  • The present invention may be applied to prevent theft of all manner of electronic devices that require access to a computer network for at least a part of their function or are composed of multiple interchangeable components. Such devices include lenses and accessories for photographic and video systems, automotive accessories as car radios and mobile telephones.

Claims (31)

1. A method of managing cryptographic keys between first and second parties with the assistance of a third party comprising:
the third party or an agent thereof establishing a device identifier value and device key value in the first party
the second party determining at least one device identifier corresponding to the first party, and
the second party making a request to the third party that includes at least the device identifier, and
the third party chooses a nonce value, and
the third party calculates a message value m as a function of at least the device key corresponding to the device identifier and the nonce value, and
the message value m is returned to the second party, and
the second party communicates all the data necessary to calculate m together with a nonce value to the first party, and
the second party calculates the session key k as a function of m and the nonce value, and
the first party calculates the session key k from the data provided by the second party, the device identifier and device key.
2. The method according to claim 11 in which the calculation of m is derived by first applying a one way function to the value of the nonce provided by the second party.
3. The method according to claim 1 in which the message from the second party to the first party further includes an additional nonce value that is used in the calculation of the session key k as a function of m.
4. The method according to claim 33 in which a one way function is used to derive m
5. The method according to claim 44 in which the one way function is a Message Authentication Code
6. The method according to claim 33 in which the session key is calculated using a one way function.
7. The method according to claim 66 in which the one way function is a Message Authentication Code
8. The method according to claim 77 in which the input to the one way function includes a device context.
9. The method according to claim 88 in which a Message Authentication Code is used to derive m.
10. The method according to claim 88 in which the device context further includes a value that depends on at least a part of the firmware of the device.
11. The method according to claim 1 in which the request from the second party to the third further includes a context value.
12. The method according to claim 1111 in which the communication between the second party and the third party employs a cryptographic communication protocol.
13. The method according to claim 1111 in which the cryptographic communication protocol employs a credential for the third party and at least a part of the credential forms at least a part of the context value.
14. The method according to claim 1111 in which the cryptographic communication protocol employs a credential for the second party and at least a part of the credential forms at least a part of the context value.
15. The method according to claim 1414 in which the cryptographic communication protocol is Transport Layer Security (also known as Secure Socket Layer) and the credential is an X.509 Certificate.
16. The method according to claim 88 in which the second party uses the session key k derived from m to encrypt a second session key k2 that is passed to the first party.
17. The method according to claim 88 in which the first party has embedded device identifier value and device key value established by multiple third parties and the second party may engage in the method described one time or more times with one third party or multiple third parties.
18. The method according to claim 11 in which the device key is generated as a cryptographic function of the device identifier.
19. The method according to claim 1818 in which the cryptographic function is an encryption function.
20. The method according to claim 1818 in which the cryptographic function is a Message Authentication Code function.
21. A device of manufacture that manages cryptographic keys in conjunction with a second party with the assistance of a third party comprising:
the third party or an agent thereof establishing a device identifier value and device key value in the first party
the second party determining at least one device identifier corresponding to the device, and
the second party making a request to the third party that includes at least the device identifier, and
the third party chooses a nonce value, and
the third party calculates a message value m as a function of at least the device key corresponding to the device identifier and the nonce value, and
the message value m is returned to the second party, and
the second party communicates all the data necessary to calculate m to the first device, and
the second party calculates the session key k as a function of m, and the device calculates m, and
the first party calculates the session key k from the data provided by the second party, the device identifier and device key.
22. The device according to claim 2121 in which the first device is packaged as a removable module
23. The device according to claim 2121 in which the device is incorporated into a home automation system.
24. The device according to claim 2121 in which the device is incorporated into a process control system
25. The device according to claim 2121 in which the device is an authentication token.
26. The device according to claim 2121 in which the device communicates with the second party by means of a wireless means communication.
27. The device according to claim 2626 in which the device is a Radio Frequency Identification Device.
28. The device according to claim 2121 in which the first device is further configured to refuse some or all operation requests unless authenticated by means of the session key k.
29. The device according to claim 2121 in which the first device is further configured to refuse some or all operation requests unless provided with a proof of possession of the session key k within a pre-determined time interval.
30. The device according to claim 29 in which the device is an interchangeable module for providing illumination.
31. The device according to claim 29 in which the device is a lens, light, strobe light or other accessory for a camera.
US13/166,762 2010-07-08 2011-06-22 Delegated Key Exchange System and Method of Operation Abandoned US20120008784A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/166,762 US20120008784A1 (en) 2010-07-08 2011-06-22 Delegated Key Exchange System and Method of Operation

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US36245710P 2010-07-08 2010-07-08
US13/166,762 US20120008784A1 (en) 2010-07-08 2011-06-22 Delegated Key Exchange System and Method of Operation

Publications (1)

Publication Number Publication Date
US20120008784A1 true US20120008784A1 (en) 2012-01-12

Family

ID=45438603

Family Applications (1)

Application Number Title Priority Date Filing Date
US13/166,762 Abandoned US20120008784A1 (en) 2010-07-08 2011-06-22 Delegated Key Exchange System and Method of Operation

Country Status (1)

Country Link
US (1) US20120008784A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130003968A1 (en) * 2011-06-30 2013-01-03 Electronics And Telecommunications Research Institute Method and apparatus for generating session key and cluster key
US20130227694A1 (en) * 2012-02-29 2013-08-29 The Mitre Corporation Hygienic charging station for mobile device security
WO2016057209A1 (en) * 2014-10-06 2016-04-14 Micron Technology, Inc Secure shared key sharing systems and methods
EP3125492A1 (en) * 2015-07-28 2017-02-01 Siemens Aktiengesellschaft Method and system for generating a secure communication channel for terminals
CN106464490A (en) * 2014-06-27 2017-02-22 皇家飞利浦有限公司 Device for determining a shared key
WO2017160394A1 (en) * 2016-03-15 2017-09-21 Intel Corporation System, apparatus and method for key provisioning delegation
US11057196B2 (en) 2016-09-08 2021-07-06 Hewlett-Packard Development Company, L.P. Establishing shared key data for wireless pairing

Citations (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6516414B1 (en) * 1999-02-26 2003-02-04 Intel Corporation Secure communication over a link
US6550008B1 (en) * 1999-02-26 2003-04-15 Intel Corporation Protection of information transmitted over communications channels
US20040003277A1 (en) * 2002-06-27 2004-01-01 Thorwald Rabeler Security processor with bus configuration
US20060136717A1 (en) * 2004-12-20 2006-06-22 Mark Buer System and method for authentication via a proximate device
US20060209789A1 (en) * 2005-03-04 2006-09-21 Sun Microsystems, Inc. Method and apparatus for reducing bandwidth usage in secure transactions
US20060253578A1 (en) * 2005-05-03 2006-11-09 Dixon Christopher J Indicating website reputations during user interactions
US20090300358A1 (en) * 2006-09-23 2009-12-03 China Iwncomm Co. Ltd Method for managing network key and updating session key
US20090307490A1 (en) * 2006-02-02 2009-12-10 Identum Limited Electronic data communication system
US20100009656A1 (en) * 2006-09-23 2010-01-14 China Iwncomm Co., Ltd. Network access authentication and authorization method and an authorization key updating method
US20100037053A1 (en) * 2006-09-13 2010-02-11 Timo Stenberg Mobile station authentication in tetra networks
US20100040234A1 (en) * 2008-08-15 2010-02-18 Gm Global Technology Operations, Inc. System and method for performing an asymmetric key exchange between a vehicle and a remote device
US20100217837A1 (en) * 2006-12-29 2010-08-26 Prodea Systems , Inc. Multi-services application gateway and system employing the same
US7813822B1 (en) * 2000-10-05 2010-10-12 Hoffberg Steven M Intelligent electronic appliance system and method
US20100306839A1 (en) * 2007-10-23 2010-12-02 China Iwncomm Co., Ltd. Entity bi-directional identificator method and system based on trustable third party
US20100313012A1 (en) * 2007-12-03 2010-12-09 China Iwncomm Co., Ltd. light access authentication method and system
US20110126000A1 (en) * 2008-07-23 2011-05-26 China Iwncomm Co., Ltd. Method for accessing data safely suitable for electronic tag
US20110235806A1 (en) * 2008-12-05 2011-09-29 Panasonic Electric Works Co., Ltd. Key distribution system
US8150037B2 (en) * 2007-02-20 2012-04-03 Carnegie Mellon University Apparatus and method for secure, user-friendly deployment of information
US20120239930A1 (en) * 2011-03-18 2012-09-20 Research In Motion Limited Keyed PV Signatures

Patent Citations (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6550008B1 (en) * 1999-02-26 2003-04-15 Intel Corporation Protection of information transmitted over communications channels
US6516414B1 (en) * 1999-02-26 2003-02-04 Intel Corporation Secure communication over a link
US7813822B1 (en) * 2000-10-05 2010-10-12 Hoffberg Steven M Intelligent electronic appliance system and method
US20040003277A1 (en) * 2002-06-27 2004-01-01 Thorwald Rabeler Security processor with bus configuration
US20060136717A1 (en) * 2004-12-20 2006-06-22 Mark Buer System and method for authentication via a proximate device
US20060209789A1 (en) * 2005-03-04 2006-09-21 Sun Microsystems, Inc. Method and apparatus for reducing bandwidth usage in secure transactions
US20060253578A1 (en) * 2005-05-03 2006-11-09 Dixon Christopher J Indicating website reputations during user interactions
US20090307490A1 (en) * 2006-02-02 2009-12-10 Identum Limited Electronic data communication system
US20100037053A1 (en) * 2006-09-13 2010-02-11 Timo Stenberg Mobile station authentication in tetra networks
US20090300358A1 (en) * 2006-09-23 2009-12-03 China Iwncomm Co. Ltd Method for managing network key and updating session key
US20100009656A1 (en) * 2006-09-23 2010-01-14 China Iwncomm Co., Ltd. Network access authentication and authorization method and an authorization key updating method
US20100217837A1 (en) * 2006-12-29 2010-08-26 Prodea Systems , Inc. Multi-services application gateway and system employing the same
US8150037B2 (en) * 2007-02-20 2012-04-03 Carnegie Mellon University Apparatus and method for secure, user-friendly deployment of information
US20100306839A1 (en) * 2007-10-23 2010-12-02 China Iwncomm Co., Ltd. Entity bi-directional identificator method and system based on trustable third party
US20100313012A1 (en) * 2007-12-03 2010-12-09 China Iwncomm Co., Ltd. light access authentication method and system
US20110126000A1 (en) * 2008-07-23 2011-05-26 China Iwncomm Co., Ltd. Method for accessing data safely suitable for electronic tag
US20100040234A1 (en) * 2008-08-15 2010-02-18 Gm Global Technology Operations, Inc. System and method for performing an asymmetric key exchange between a vehicle and a remote device
US20110235806A1 (en) * 2008-12-05 2011-09-29 Panasonic Electric Works Co., Ltd. Key distribution system
US20120239930A1 (en) * 2011-03-18 2012-09-20 Research In Motion Limited Keyed PV Signatures

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130003968A1 (en) * 2011-06-30 2013-01-03 Electronics And Telecommunications Research Institute Method and apparatus for generating session key and cluster key
US20130227694A1 (en) * 2012-02-29 2013-08-29 The Mitre Corporation Hygienic charging station for mobile device security
US8935793B2 (en) * 2012-02-29 2015-01-13 The Mitre Corporation Hygienic charging station for mobile device security
CN106464490A (en) * 2014-06-27 2017-02-22 皇家飞利浦有限公司 Device for determining a shared key
WO2016057209A1 (en) * 2014-10-06 2016-04-14 Micron Technology, Inc Secure shared key sharing systems and methods
US9331989B2 (en) 2014-10-06 2016-05-03 Micron Technology, Inc. Secure shared key sharing systems and methods
US9686248B2 (en) 2014-10-06 2017-06-20 Micron Technology, Inc. Secure shared key sharing systems and methods
EP3125492A1 (en) * 2015-07-28 2017-02-01 Siemens Aktiengesellschaft Method and system for generating a secure communication channel for terminals
EP3125492B1 (en) 2015-07-28 2018-01-24 Siemens Aktiengesellschaft Method and system for generating a secure communication channel for terminals
US10243745B2 (en) 2015-07-28 2019-03-26 Siemens Aktiengesellschaft Method and system for producing a secure communication channel for terminals
US11218323B2 (en) 2015-07-28 2022-01-04 Siemens Aktiengesellschaft Method and system for producing a secure communication channel for terminals
WO2017160394A1 (en) * 2016-03-15 2017-09-21 Intel Corporation System, apparatus and method for key provisioning delegation
US10516654B2 (en) * 2016-03-15 2019-12-24 Intel Corporation System, apparatus and method for key provisioning delegation
US11057196B2 (en) 2016-09-08 2021-07-06 Hewlett-Packard Development Company, L.P. Establishing shared key data for wireless pairing

Similar Documents

Publication Publication Date Title
CN110995642B (en) Providing secure connections using pre-shared keys
CN110050437B (en) Apparatus and method for distributed certificate registration
CN101828357B (en) Credential provisioning method and device
DK1556992T3 (en) Safety performance and use of device-specific safety data
US9621356B2 (en) Revocation of root certificates
US20120008784A1 (en) Delegated Key Exchange System and Method of Operation
CN104094267B (en) Method, apparatus and system for secure sharing of media content from a source device
CA2692326C (en) Authenticated communication between security devices
RU2399087C2 (en) Safe data storage with integrity protection
EP3247087B1 (en) User-initiated migration of encryption keys
US20070083766A1 (en) Data transmission links
JP7232816B2 (en) Authentication system and authentication method for authenticating assets
EP3695561B1 (en) Secure provisioning of data to client device
US8230218B2 (en) Mobile station authentication in tetra networks
KR20200027526A (en) Method and device for verifying the authorization of an electronic device
CN110268675B (en) Programmable hardware security module and method on programmable hardware security module
US7415110B1 (en) Method and apparatus for the generation of cryptographic keys
Yeun et al. Secure software download for programmable mobile user equipment
CN114567425A (en) Internet of things communication method and system, SoC Sim and Internet of things terminal
WO2023242390A1 (en) An intraoral scanning device configured to authenticate mode request
CN115242395A (en) Data communication method, device, distributed system and storage medium
CN113873513A (en) Method and apparatus for processing control key

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION